Why does my BT Hub6 Router - Default to opening port 6969 and others?

My BT Hub6 Router seems to be opening several ports as standard and I'm worried that they may pose a security risk to my network. I'd be grateful for any help from someone more knowledgable than myself.

Here's what I've done so far...

  1. Physically unplugged/switched off EVERY device connected to my home network; laptops, phones, smart plugs, Alexa's... Everything!
  2. Did hardware factory reset of the router
  3. Disabled UPnP on router
  4. Did Port Scan (with NO devices connected)

Scan results, taken approx 30 seconds after factory reset....

Discovered open port 80/tcp on 192.168.1.254
Discovered open port 53/tcp on 192.168.1.254
Discovered open port 139/tcp on 192.168.1.254
Discovered open port 443/tcp on 192.168.1.254
Discovered open port 445/tcp on 192.168.1.254
Discovered open port 6969/tcp on 192.168.1.254

Note: I get the same result if I use my phone or my laptop to do the reset (They are the one and only device switched on each time, just incase they were opening the ports).

Completely baffled and paranoid about port 6969. I do not use torrents or suchlike as some have said the port is for. Now contemplating buying a new 3rd party router to replace the Hub6, but obviously don't want to spend money if there's a simple fix

Can anyone can make sense of the above, I'd be grateful for your wisdom.

Thanks in anticipation.

Answers

  • Scooby
    Scooby Member Posts: 173
    25 Answers 100 Comments 25 Awesomes 25 Likes
    ✭✭✭
    edited January 11, 2021 #2
    When you complete a port scan with either the Fing app, on your phone, or the Fing desktop app, it scans your internal network, as that is what your phone and desktop are connected to. Your router has two networks - an "internal" one, and an "external" one. The internal network is where all of your devices connect to. There will be ports open. The external network is where your router gets the IP address from your ISP, and how your router communicates with the Internet. It is your "public" IP Address. Typically, there shouldn't be ports open, unless you are using UPnP, or port-forwarding.

    192.168.1.254 is the internal IP Address of your router.
    Port 80 is the port for a web server (http). On your router, it is used to access the settings of your router.
    Port 53 is used for DNS (Domain Name System). It is basically the "phone book" of the Internet. It "translates" web site names to IP Addresses. For example, www.microsoft.com to 23.35.205.40. Your router uses port 53 to handle the "translating".
    Port 139 is used by Windows computers, for file and print sharing. Your router may have the port enabled if it can act as a media server or file server. (Some routers have USB ports where you can connect a USB drive or printer).
    Port 443 is the secure port for a web server (https). Your router may have a setting to use that port, instead of port 80, when accessing the settings.
    Port 445 is similar to port 139.
    Port 6969 I can't quite place. It could be used by the BT router for possibly a media server function, but I'm not familiar with the router itself. (Tried finding an online manual).

    As long as these ports are opened on the internal network side only, it should be fine. If they are opened on the external (Internet) network, then it can be a (security) concern.

    To check, first, go to a web site like https://www.whatismyip.com/, to find your "public" IP Address. Next, go to https://www.grc.com. GRC is short for Gibson Research Corporation. Once there, under "Services", click on "ShieldsUp!".  Click the "Proceed" button. Next, click on "All Service Ports". It will then scan ports 1 through 1056. So, ports 80, 53, 139, 443, 445 will be checked. You are hoping to get a "TruStealth Analysis" "Passed". As long as ports 80, 53, 139, 443, and 445 show as "stealth", then they aren't "open" to the Internet (which is good). Go back, but this time, type 6969 in the text field and click on "User Specified Custom Port Probe". It will then scan to see if port 6969 is open to the Internet. Again, you want a "TruStealth Analysis" "Passed" report.

    YanTanTethera
  • YanTanTethera
    YanTanTethera Member Posts: 2
    Name Dropper First Comment
    @Scooby Thanks for taking the time, it's appreciated.

    I do understand the difference between int' and ext' networks and have since asked a friend to carry out an external scan on my public ip address (with Nmap on their own machine/network), which unfortunately confirmed the same ports are open on the external side with no devices connected my end! Although the stealth scan at grc.com reports them as 'TruStealth, strange?
    As to ports 139 and 445, I am not using a pc or windows. I use a MacBook / OS X

    BT say, on doing a factory reset of their BT Hub6b router, "NO PORTS", will be open as default until a device on the network request them to open. They also confirmed they do not use port 6969 for anything their end. Oh, and they do not consider misc' open ports a valid reason to replace my router, typical.

    Think maybe time to change to something else (router). Ideas anyone?
    Thanks in advance.